The FOSSA Developer Hub

Welcome to the FOSSA developer hub. You'll find comprehensive guides and documentation to help you start working with FOSSA as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Install Plugin (Recommended)

Recommended for Technical Users

This method requires use of a Command Line Interface and knowledge of your codebase. If you're not a developer yourself, we recommend getting a developer to help you -- or you can try our Quick Import method.

The preferred way to integrate FOSSA is to analyze code locally with our open sourced build client fossa-cli, and upload the results.

This method requires some upfront configuration, but is the most performant, accurate and secure method of integration.

Pick this method if:

  • You don't want to give FOSSA code access (due to IT, policy or logistical reasons)
  • You need accurate and performant build results
  • You already have a pre-configured build environment in a CI or local dev machine
  • You are willing to import and configure projects one at a time

Get started by installing the client with this one-liner terminal command (Windows, Mac, Linux) or download directly from our Github Releases page:

curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/fossas/fossa-cli/master/install.ps1'))"

Then, follow our documentation on GitHub or view our Supported Languages for in-depth configuration advice.

After configuration, you should be able to just run fossa and get a link to a report in your Terminal:

==========================================================

   View FOSSA Report: https://app.fossa.io/{YOUR_LINK}

==========================================================

This import method takes advantage of existing build environments. Therefore, it works great for one-off scans or complex codebases that require pre-configured CIs for high-performance builds.

What's Getting Uploaded?

Using FOSSA's plugin is highly secure -- it does not grant FOSSA any code access, and will only send back public dependency signatures to app.fossa.io. In fact, you can directly preview what is getting uploaded by running fossa -o and inspect our code openly on GitHub to understand the exact behavior.

[
  {
    "Name": "fossa-cli",
    "Type": "golang",
    "Manifest": "github.com/fossas/fossa-cli/cmd/fossa",
    "Build": {
      "Dependencies": [
        {
          "locator": "go+github.com/rhysd/go-github-selfupdate$d5c53b8d0552a7bf6b36457cd458d27c80e0210b",
          "data": {
            "name": "github.com/rhysd/go-github-selfupdate",
            "version": "d5c53b8d0552a7bf6b36457cd458d27c80e0210b"
          }
        },
        ...
      ],
      ...
    }
  },
  ...
]

Install Plugin (Recommended)


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.